PeteCresswell said:
User opens up Outlook, and it just clocks and clocks. The PC is
effectively locked up and only a reboot will get it back.
Have the user load Outlook in its safe mode to check if an add-on is the
problem. Users will install 32-bit add-ons when they have installed the
64-bit version of Microsoft Office hence Outlook is also 64-bit. Users
will install an add-on that works okay in an old version of MS Office
they were using to then upgrade to a later version of MS Office which
makes the add-on crash.
When Outlook loads, it loads the enabled add-ons. If an add-on crashes
on loading, it takes Outlook with it. When Outlook exits, it first
unloads all currently loaded add-ons. If an add-on crashes on exit, it
takes Outlook with it.
I open up a Command Line and no problem: I can Ping, list C:
directories, and so forth.
But the Command window wants to be opened with "Elevated Mode", which I
take to be Admin authority before it will let me do a CHKDSK C:... and
therein lies a problem.
Not if you run cmd.exe from the Start -> Run menu. That will load the
command shell but in non-privileged mode. Sounds like the user is using
a shortcut to load the command shell (cmd.exe) but the shortcut is
configured to Run As with admin privileges. That means you get a prompt
asking if you really want to load the command shell with admin
privileges. Either use a different shortcut that loads cmd.exe without
admin privileges or use Start -> Run or the Start menu searchbox to load
cmd.exe as a normal process. That means that command shell can't do
anything that requires admin privileges.
You, er, the client could sacrifice the added security of UAC by
disabling it. That would eliminate the UAC prompt whenever you load any
program that wants admin privileges. That means malware can run, too,
without any prompt.
Has this user yet rebooted his computer? I don't mean shutting down
into hibernate mode because on reload of Windows then it is restored to
the same state (in the memory image). Have them completely shut down
Windows to make sure any pending changes from updates get completed.
Many updates require a restart of Windows so in-use files can be
replaced on startup. If that doesn't work, have them boot into Windows'
safe mode (go into the boot menu), log into Windows to get to their
desktop, and then reboot into Windows' normal mode. Sometimes an update
requires a kick in its ass by using safe mode and then go into normal
mode.
When I try to open a Command Line window as Admin ("Run as
administrator"), it never opens. Without Admin, no problem... with
Admin nothing...
Load Task Manager and look at its Processes tab. Position the list of
processes so you can see the load of any process that begins with "c".
Try loading (however is not clearly mentioned) cmd.exe again and see if
a same-named process shows up in Task Manager.
There may already be a slew of cmd.exe processes already loaded. Kill
them and then retry just loading one instance of it.
I want to run CHKDSK, Malwarebytes, and a few other utilities, but none
of them can be opened.
Run anti-malware from bootable media; e.g., bootable CD/DVD or USB flash
drive.
Could be malware. Could be the client hosed their own system, like they
used a tweaker or double-clicked on a .reg file they got from somewhere
and that removed the filetype association for .exe files. Even in a
non-privileged command shell, you can run "assoc .exe" to see what
handler was assigned to that filetype. You should get:
assoc .exe
.exe=exefile
exefile is the class ID for the .exe filetype handler. If you can run
regedit (that will require admin privileges), look at the registry key:
HKEY_CLASSES_ROOT\exefile
Make sure that registry key is defined. Under it is a 'shell' subkey
and under that should be 'open', 'runas', and 'runasuser' subkeys. Under
those should be a 'command' subkey whose default data item's value
should be:
"%1" %*
The handler isn't exposed here. "%1" means the environment variable %1
that holds the name of the .exe file on which you double-clicked in
Windows Explorer (I assume you can still load that). The %* means to
add all the rest of the parameters passed to the command shell that
loads to handle the executable process. For example, a command line of
"notepad.exe c:\docs\myfile.txt" would have "%1 = notepad.exe" and
"%* = c:\docs\myfile.txt".
Alas, if the symptom is .exe files won't load then you also cannot load
regedit.exe to look at the registry. You may be stuck with using
bootable media with anti-malware usable from that.
Have you tried booting into Windows' safe mode yet?
TaskMan says the PC is idling along at between 20 and 50% CPU usage -
with no apps running.
Did you click the button to Show All Users in Task Manager's Processes
tab? If there is 50% CPU usage then one, or more, processes are using
up that much. It may not be just 1 process but a couple of them.
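
The .exe association checks described in the reply above, collected into one read-only script (an added example, not part of the original post). It runs from a non-elevated PowerShell prompt, since reading HKEY_CLASSES_ROOT needs no admin rights. The function name Get-DefaultValue is made up for this example, and the final HKEY_CURRENT_USER check goes beyond the post: HKEY_CLASSES_ROOT is a merged view in which per-user keys under HKCU\Software\Classes override the machine-wide ones.

```powershell
# Added example: read-only check of the .exe file association.
$expected = '"%1" %*'                      # value the post says each 'command' key should hold
$verbs    = 'open', 'runas', 'runasuser'   # subkeys the post lists under exefile\shell

function Get-DefaultValue([string]$Path) {
    # Return a key's (Default) value without expanding %...% sequences,
    # or $null when the key or the value does not exist.
    $key = Get-Item -LiteralPath "Registry::$Path" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $key.GetValue('', $null,
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
}

$results = @()

# Same information as "assoc .exe": the class that handles the .exe filetype.
$class = Get-DefaultValue 'HKEY_CLASSES_ROOT\.exe'
$results += New-Object PSObject -Property @{
    Key = 'HKEY_CLASSES_ROOT\.exe'; Value = $class; OK = ($class -eq 'exefile') }

# Each verb's 'command' subkey must hold exactly "%1" %* as its default value.
foreach ($verb in $verbs) {
    $path  = "HKEY_CLASSES_ROOT\exefile\shell\$verb\command"
    $value = Get-DefaultValue $path
    $results += New-Object PSObject -Property @{
        Key = $path; Value = $value; OK = ($value -ceq $expected) }
}

$results | Select-Object Key, Value, OK | Format-Table -AutoSize -Wrap

# Beyond the post: a per-user key here overrides the machine-wide association.
foreach ($name in '.exe', 'exefile') {
    $userKey = "HKEY_CURRENT_USER\Software\Classes\$name"
    if (Test-Path -LiteralPath "Registry::$userKey") {
        Write-Warning "Per-user override present: $userKey"
    }
}

$bad = @($results | Where-Object { -not $_.OK })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) key(s) differ from the expected .exe association."
} else {
    Write-Output 'The .exe association matches the values given above.'
}
```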